Options
All
  • Public
  • Public/Protected
  • All
Menu

Handles permissions according to the WAC specification. Specific access checks are done by the provided AccessChecker.

Hierarchy

Index

Constructors

constructor

Properties

Private Readonly accessChecker

accessChecker: AccessChecker

Private Readonly aclStore

aclStore: ResourceStore

Private Readonly aclStrategy

Private Readonly identifierStrategy

identifierStrategy: IdentifierStrategy

Protected Readonly logger

logger: Logger = ...

Methods

canHandle

Private createPermissions

  • Creates an Authorization object based on the quads found in the ACL.

    Parameters

    • credentials: Partial<Record<CredentialGroup, Credential>>

      Credentials to check permissions for.

    • acl: Store<Quad, Quad, Quad, Quad>

      Store containing all relevant authorization triples.

    • isAcl: boolean

      If the target resource is an acl document.

    Returns Promise<Partial<Record<CredentialGroup, Partial<Record<AccessMode, boolean>>>>>

Private determinePermissions

  • determinePermissions(acl: Store<Quad, Quad, Quad, Quad>, credentials?: Credential): Promise<AclPermission>
  • Determines the available permissions for the given credentials. Will deny all permissions if credentials are not defined

    Parameters

    • acl: Store<Quad, Quad, Quad, Quad>

      Store containing all relevant authorization triples.

    • Optional credentials: Credential

      Credentials to find the permissions for.

    Returns Promise<AclPermission>

Private filterData

  • filterData(data: Representation, predicate: string, object: string): Promise<Store<Quad, Quad, Quad, Quad>>
  • Finds all triples in the data stream of the given representation that use the given predicate and object. Then extracts the unique subjects from those triples, and returns a Store containing all triples from the data stream that have such a subject.

    This can be useful for finding the acl:Authorization objects corresponding to a specific URI and returning all relevant information on them.

    Parameters

    • data: Representation

      Representation with data stream of internal/quads.

    • predicate: string

      Predicate to match.

    • object: string

      Object to match.

    Returns Promise<Store<Quad, Quad, Quad, Quad>>

    A store containing the relevant triples.

Private getAclRecursive

  • getAclRecursive(id: ResourceIdentifier, recurse?: boolean): Promise<Store<Quad, Quad, Quad, Quad>>
  • Returns the ACL triples that are relevant for the given identifier. These can either be from a corresponding ACL document or an ACL document higher up with defaults. Rethrows any non-NotFoundHttpErrors thrown by the ResourceStore.

    Parameters

    • id: ResourceIdentifier

      ResourceIdentifier of which we need the ACL triples.

    • Optional recurse: boolean

      Only used internally for recursion.

    Returns Promise<Store<Quad, Quad, Quad, Quad>>

    A store containing the relevant ACL triples.

handle

handleSafe

Private updateAclPermissions

  • updateAclPermissions(aclPermissions: AclPermission, isAcl: boolean): AclPermission
  • Sets the correct values for non-acl permissions such as create and delete. Also adds the correct values to indicate that having control permission implies having read/write/etc. on the acl resource.

    The main reason for keeping the control value is so we can correctly set the WAC-Allow header later.

    Parameters

    • aclPermissions: AclPermission
    • isAcl: boolean

    Returns AclPermission